Index: flag.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/flag/Attic/flag.inc,v
retrieving revision 1.1.2.30.2.21
diff -u -r1.1.2.30.2.21 flag.inc
--- flag.inc	7 May 2010 23:53:33 -0000	1.1.2.30.2.21
+++ flag.inc	8 May 2010 00:27:01 -0000
@@ -411,6 +411,9 @@
   /**
    * Returns TRUE if the user can flag, or unflag, the given content.
    *
+   * This method typically should not be overridden by child classes. Instead
+   * they should implement type_access(), which is called by this method.
+   *
    * @param $content_id
    *   The content ID to flag/unflag.
    * @param $account
@@ -439,6 +442,12 @@
     // Base initial access on the user's basic permission to use this flag.
     $access = $this->user_access($action, $account);
 
+    // Check for additional access rules provided by sub-classes.
+    $child_access = $this->type_access($content_id, $action, $account);
+    if (isset($child_access)) {
+      $access = $child_access;
+    }
+
     // Allow modules to disallow (or allow) access to flagging.
     $access_array = module_invoke_all('flag_access', $this, $content_id, $action, $account);
 
@@ -458,6 +467,10 @@
    * test in the Views query, is to make 'many to one' tests possible without
    * interfering with the rows, and also to reduce the complexity of the code.
    *
+   * This method typically should not be overridden by child classes. Instead
+   * they should implement type_access_multiple(), which is called by this
+   * method.
+   *
    * @param $content_ids
    *   The array of content IDs to check. The keys are the content IDs, the
    *   values are the actions to test: either 'flag' or 'unflag'.
@@ -474,6 +487,16 @@
       $access[$content_id] = $this->user_access($content_ids[$content_id], $account);
     }
 
+    // Check for additional access rules provided by sub-classes.
+    $child_access = $this->type_access_multiple($content_ids, $account);
+    if (isset($child_access)) {
+      foreach ($child_access as $content_id => $content_access) {
+        if (isset($content_access)) {
+          $access[$content_id] = $content_access;
+        }
+      }
+    }
+
     // Merge in module-defined access.
     foreach (module_implements('flag_access_multiple') as $module) {
       $module_access = module_invoke($module, 'flag_access_multiple', $this, $content_ids, $account);
@@ -488,6 +511,24 @@
   }
 
   /**
+   * An implementation of access() implemented by each child class.
+   *
+   * @abstract
+   */
+  function type_access($content_id, $action, $account) {
+    return NULL;
+  }
+
+  /**
+   * An implementation of access_multiple() implemented by each child class.
+   *
+   * @abstract
+   */
+  function type_access_multiple($content_ids, $account) {
+    return NULL;
+  }
+
+  /**
    * @} End of "defgroup access".
    */
 
@@ -1143,8 +1184,8 @@
     return FALSE;
   }
 
-  function access_multiple($content_ids, $account = NULL) {
-    $access = parent::access_multiple($content_ids, $account);
+  function type_access_multiple($content_ids, $account = NULL) {
+    $access = array();
 
     // Ensure that only flaggable node types are granted access. This avoids a
     // node_load() on every type, usually done by applies_to_content_id().
@@ -1318,10 +1359,7 @@
     return FALSE;
   }
 
-  function access_multiple($content_ids, $account = NULL) {
-    $account = isset($account) ? $account : $GLOBALS['user'];
-    $access = parent::access_multiple($content_ids, $account);
-
+  function type_access_multiple($content_ids, $account) {
     // Ensure node types are granted access. This avoids a
     // node_load() on every type, usually done by applies_to_content_id().
     $cids = implode(',', array_map('intval', array_keys($content_ids)));
@@ -1459,29 +1497,18 @@
     return FALSE;
   }
 
-  function access($content_id, $action = NULL, $account = NULL) {
-    $access = parent::access($content_id, $action, $account);
-    $account = isset($account) ? $account : $GLOBALS['user'];
-
+  function type_access($content_id, $action, $account) {
     // Prevent users from flagging themselves.
     if ($this->access_uid == 'others' && $content_id == $account->uid) {
-      $access = FALSE;
+      return FALSE;
     }
-
-    return $access;
   }
 
-  function access_multiple($content_ids, $account = NULL) {
-    $account = isset($account) ? $account : $GLOBALS['user'];
-    $access = parent::access_multiple($content_ids, $account);
-
-    // Exclude anonymous.
-    if (array_key_exists(0, $access)) {
-      $access[0] = FALSE;
-    }
+  function type_access_multiple($content_ids, $account) {
+    $access = array();
 
     // Prevent users from flagging themselves.
-    if ($this->access_uid == 'others' && array_key_exists($account->uid, $access)) {
+    if ($this->access_uid == 'others' && array_key_exists($account->uid, $content_ids)) {
       $access[$account->uid] = FALSE;
     }
 
